<?php


class webwiUser {
	
	public $username;
	public $password;
	public $id;
	
	public $_isOnline = 0;
	public $_groups = array();
	
	public function _construct()
	{
		$this->_groups = new Groups;
		$this->_groups->load(1);
	}
	
	public function login($username, $password)
	{
		$this->password = $GLOBALS['webwiDB']->quoteString(trim($password));
		$this->username = $GLOBALS['webwiDB']->quoteString(trim($username));
		    if(!$this->checkPassword($this->password, $this->username))
			{
				return false;
			} else {
				return true;
			}
  	}
	
	public function checkPassword($password, $username)
	{
		$password = $GLOBALS['webwiDB']->quoteString(trim($password));
		$username = $GLOBALS['webwiDB']->quoteString(trim($username));
		
		$secu = hash('sha512', $username); // Umgewandelter Sicherheitsname
		$password = hash('sha512', $secu.$password); // Passwort noch einmal mit HASH und SECU abgesichert. Das erzeugt einen doppelten HASH String
		
		$count = $GLOBALS['webwiDB']->query($GLOBALS['webwiDB']->fetchRow("SELECT clientid FROM ".$GLOBALS['webwiDB']->prefix('client')." WHERE username = '".$username."' AND password = '".$password."' AND status = 'Active'"));
		if($count == 1)
		{
			return true;
		} else {
			return false;
		}
	}
  
	public function logout()
	{
		// * TODO: CALL here more explizit exit function
		session_destroy();
	}
	
	public function getAllUser()
	{
		$users = $this->db->numRows("SELECT * FROM ".$this->db->prefix('client')." ORDER by name");
			
			foreach($users as $user)
			{
				$newUser = new webwiUser();
				$newUser->id   = $user->id;
				$newUser->name = $user->name;
				$newUser->_groups->load($user->role);
				$res[] = $newUser;
			}
		return $res;
	}
	
	private function load($name)
	{
		$name = $this->db->QuoteString(strtolower(trim($name)));
		$user = $this->db->Query("SELECT * FROM ".$this->db->prefix('client')." WHERE name = '".$name."'");
		$this->id   = $user->id;
		$this->name = $user->name;
		$this->_groups->load($user->_groups);
	}
	
	public function isGuest()
	{
		return $this->_groups->id == 1;
	}
	
	public function isAdmin()
	{
		return $this->_groups->id == 2;
	}

	public function exists()
	{
		$name = $this->db->quoteString(strtolower(trim($this->name)));
		return $this->db->query("SELECT COUNT(*) FROM ".$this->db->prefix('user')." WHERE name='".$name."'") > 0;
	}
	
	public function insert($password)
	{
		$res = false;
			if($this->validate($password))
			{
				$name     = $GLOBALS['db']->quoteString(strtolower(trim($this->name)));
				$role     = $GLOBALS['db']->quoteString($this->_groups);
				$password = $GLOBALS['db']->quoteString(md5($password));
				$res = $this->db->Query("INSERT INTO ".$this->db->prefix('client')." (name, password, role) VALUES ('".$name."','".$password."','".$role."')");
				Cache::clear("tables","userlist");
			}
		return $res;
	}


	public function validate($password)
	{
		$res = true;
		if($res) $res = trim($this->name) != "";
		if($res) $res = trim($this->_groups) != "";
		if($res) $res = trim($password) != "";
		if($res) $res = !$this->exists();
		return $res;
	}

	public function delete()
	{
		$res = false;
			if(!$this->equals($_SESSION['user']))
			{
				$id = $this->db->QuoteString(strtolower(trim($this->id)));
				$res = $this->db->Query("DELETE FROM ".$this->db->prefix('client')." WHERE id = '".$id."'");
				Cache::clear("tables", "userlist");
			}
		return $res;
	}

	public function equals(User $user)
	{
		return $this->id == $user->id;
	}
	
} // CLASSEND
?>